Dynamic Anomaly Detection for More Trustworthy Outsourced Computation

Alsouri, Sami and Sinschek, Jan and Sewe, Andreas and Bodden, Eric and Mezini, Mira and Katzenbeisser, Stefan (2012):
Dynamic Anomaly Detection for More Trustworthy Outsourced Computation.
In: Information Security, In: 15th International Conference on Information Security, Passau, Germany, 19-21 Sep 2012, In: Lecture Notes in Computer Science, ISSN 0302-9743, [Online-Edition: http://dx.doi.org/10.1007/978-3-642-33383-5_11],
[Conference or Workshop Item]

Abstract

A hybrid cloud combines a trusted private cloud with a public cloud owned by an untrusted cloud provider. This is problematic: When a hybrid cloud shifts computation from its private to its public part, it must trust the public part to execute the computation as intended. We show how public-cloud providers can use dynamic anomaly detection to increase their clients’ trust in outsourced computations. The client first defines the computation’s reference behavior by running an automated dynamic analysis in the private cloud. The cloud provider then generates an application profile when executing the outsourced computation for its client, persisted in tamper-proof storage. When in doubt, the client checks the profile against the recorded reference behavior. False positives are identified by re-executing the dubious computation in the trusted private cloud, and are used to refine the description of the reference behavior. The approach is fully automated. Using 3,000 harmless and 118 malicious inputs to different Java applications, we show that our approach is effective. In particular, different characterizations of behavior can yield anything from low numbers of false positives to low numbers of false negatives, effectively trading trustworthiness for computation cost in the private cloud.

Item Type: Conference or Workshop Item
Published: 2012
Creators: Alsouri, Sami and Sinschek, Jan and Sewe, Andreas and Bodden, Eric and Mezini, Mira and Katzenbeisser, Stefan
Title: Dynamic Anomaly Detection for More Trustworthy Outsourced Computation
Language: English
Title of Book: Information Security
Series Name: Lecture Notes in Computer Science
Volume: 7483
Uncontrolled Keywords: Cloud security, dependability, dynamic analysis, anomaly detection, hybrid clouds
Divisions: 20 Department of Computer Science > Security Engineering
20 Department of Computer Science > Software Technology
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > EC SPRIDE > Secure Software Engineering
20 Department of Computer Science > EC SPRIDE
20 Department of Computer Science
Zentrale Einrichtungen
LOEWE
LOEWE > LOEWE-Zentren
Event Title: 15th International Conference on Information Security
Event Location: Passau, Germany
Event Dates: 19-21 Sep 2012
Date Deposited: 12 Sep 2012 14:49
Official URL: http://dx.doi.org/10.1007/978-3-642-33383-5_11
Identification Number: doi:10.1007/978-3-642-33383-5_11